A Business Continuity Plan (BCP) is defined as a roadmap to enable a business to continue operations under adverse conditions, such as an unforeseen disaster or other interruption (bad weather, flooding, power outages, labor strikes, or any other identified risk to the business). Business continuity planning is a process of identifying the potential risks to your business and then evaluating how to prepare for these so that if they do happen, your business can continue to be viable. This is not the same thing as IT disaster recovery. IT disaster recovery involves making sure your IT systems can continue to function and your data is still available in the event that your primary systems go down; if a fire wipes out your server room for example or a massive blackout disables your primary network routers. Typically your IT service provider will provide you with options for backup hosting at other sites as part of Disaster Recovery Planning (DRP).
DRP is part of BCP, but BCP goes beyond just IT systems and looks at the entire business structure; in the event of a disaster where will your people work from? If downed trees and power lines cut off major roadways needed for distributing your product what will you do? If a swine flu outbreak keeps 3/4 of your staff at home can your business still function? This is what BCP looks at; being prepared for the unplanned interruptions. Making advanced preparations just in case of disaster is good business, but it does involve some cost, so the level of preparation needs to be evaluated against the potential risk. This is what an effective BCP plan will evaluate. The plan will look at each critical operation and identify the level of risk and the options for maintaining business in the event of a disaster. Based on this evaluation (typically know as a Business Impact Analysis or BIA), an effective and realistic BCP can be created which will effectively help the business to survive and operate during an unforeseen interruption or disaster. The critical elements of the plan must include not just the IT systems but also personnel/employees, communications, production, distribution and (very important) communications with customers, vendors, media, local authorities and governmental regulators. If you do not pay your taxes or your bank loans because your records are under water, you may not be in business after the water level goes down.
Big businesses have readily adopted this strategy and brought in consulting firms and purchased enterprise software to set up and manage BCPs. This has created the biggest opportunity for disaster-planning consultants since Y2K. The down side is that the price tag for having a firm set up and manage a BCP can go into the $100,000’s. For small businesses, this is too cost prohibitive but BCP is still critical and this should not deter small businesses from seriously thinking about what they would do in the event of a disaster.
Rather than paying out big$$$ for a team of consultants or licensing enterprise software, small businesses can benefit from following the same logical thinking that the consultants use. BCP firms typically come into a client with a standard set of templates (a basic generic roadmap for the BCP) which identifies all the potential risks and key operations in a business (paying vendors, manufacturing, customer service, regulatory filings, etc). The consultants then interview key individuals in each area and ask them how important each operation they perform is (how long can the business survive with out it?). Then they ask these same people what the options are to keep this operation going if a disaster happens (can you outsource it? To whom? Can you buy extra supplies and keep them somewhere else?). Then with this information, the consultants modify the standard templates as needed to suit the situation. The final modified templates are presented as a customized BCP plan to the business management, who ultimately makes the decisions on what they will support in terms of what steps will be put into place and how much money will be spent. The bulk of the specific actionable information in the BCP comes from the business, not the consultants. The BCP templates provide a guide to prompt the appropriate discussions and ask the right questions. So armed with a basic BCP template, a small business owner can perform this same procedure and come up with an effective BCP on their own or with the help of conscientious person (not necessarily a BCP consultant). Although the process of setting up and managing a BCP seems very complicated and/or prohibitively expensive for small businesses, it does not need to be. There are materials and resources available that would greatly help out the small businesses to be prepared for the unforeseen without the need to spend large sums of money.